Beispiel #1
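def decode_reset_password_token(token):
    """Decode a password-reset token and reject it if it is stale.

    The token is first passed to ``decode_token`` together with the
    application's ``SECRET_KEY``, the ``RESET_PASSWORD_SALT`` and
    ``1 * ONE_DAY_IN_SECONDS`` (presumably the maximum token age; confirm
    against ``decode_token``). The token's issue time is then compared with
    the user's last password change, so a token issued before the most recent
    password change is refused.

    Args:
        token: The reset token taken from the request.

    Returns:
        The decoded token payload, which contains at least ``email_address``.

    Raises:
        ValueError: The decoded payload has no ``email_address``.
        InvalidToken: No user matches the address in the token, or the token
            was issued before the user's last password change.
            ``decode_token`` may raise its own errors for a bad signature or
            an expired token; those are not caught here.
    """
    # Signature and age validation happen in decode_token and run first; the
    # timestamp is only read from the token once that call has succeeded.
    data = decode_token(token, current_app.config['SECRET_KEY'],
                        current_app.config['RESET_PASSWORD_SALT'],
                        1 * ONE_DAY_IN_SECONDS)
    timestamp = parse_fernet_timestamp(token)

    email_address = data.get('email_address')

    if email_address is None:
        raise ValueError(
            "Required argument email address was not returned from token decoding"
        )

    user = User.query.filter(User.email_address == email_address).first()
    if user is None:
        # A validly signed token can outlive the account it was issued for.
        # Treat it as an invalid token rather than failing with an
        # AttributeError below. The address is deliberately not logged.
        current_app.logger.info("Token refers to a user that does not exist")
        raise InvalidToken("Token refers to a user that does not exist")

    # NOTE(review): assumes password_changed_at is always set; a None value
    # would raise AttributeError on .replace() - confirm against the model.
    user_last_changed_password_at = user.password_changed_at

    # The timestamp returned by parse_fernet_timestamp has no sub-second
    # part, while the User model stores one. Comparing the two directly, as a
    # test does straight after a password change, would give a false
    # positive, so the stored value is truncated to whole seconds first.
    # Consequence: a token issued in the same second as the password change
    # compares equal and is still accepted.
    if timestamp < user_last_changed_password_at.replace(microsecond=0):
        current_app.logger.info(
            "Token generated earlier than password was last changed")
        raise InvalidToken(
            "Token generated earlier than password was last changed")

    return data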
Beispiel #2
def test_parse_timestamp_from_token():
    """The timestamp parsed from a token equals the time it was generated."""
    frozen_at = datetime(2000, 1, 1)

    # Only token generation runs under the frozen clock; parsing happens
    # afterwards, so the result has to come from the token itself.
    with freeze_time(frozen_at):
        token = generate_token({}, TEST_SECRET_KEY, 'PassSalt')

    assert parse_fernet_timestamp(token) == frozen_at
def test_parse_timestamp_from_token():
    """Check that parse_fernet_timestamp recovers a token's creation time."""
    expected = datetime(2000, 1, 1)
    payload = {}

    # Generate the token with the clock pinned to `expected`.
    with freeze_time(expected):
        signed = generate_token(payload, TEST_SECRET_KEY, 'PassSalt')

    # Parsed outside the frozen block, against the real clock.
    parsed = parse_fernet_timestamp(signed)
    assert parsed == expected